Aggregator

MCP重新定义了大语言模型（LLM）与外部世界的互动方式。本文主要介绍并复现MCP服务的提示词注入、工具投毒、命令注入等漏洞，以及给出了相关漏洞的防护策略。

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-8159. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #620625 / VDB-317574

微软SharePoint发现严重漏洞CVE-2025-53770，已被中国支持的黑客利用进行攻击。攻击者可窃取加密密钥、植入恶意软件并横向移动至其他系统。微软已发布补丁，但专家警告许多系统可能已遭入侵。中国否认责任，但此类事件频发。

A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-8158. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8157. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastsevendays-reg-users.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-8156. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #620604 / VDB-317573

文章探讨了超级富豪对社会进步的作用。指出创新者创造的价值大部分回馈社会，高收入者缴纳更多税收。鼓励更多通过创新和承担风险创造价值的亿万富翁，以推动技术和经济的发展。

Submit #620608 / VDB-317572

Submit #620597 / VDB-317571

Submit #620586 / VDB-317570

Billy带着小女孩Regina寻找其父亲，在后末日世界中面对僵尸威胁和生存困境。途中遭遇危险事件，包括僵尸袭击和车辆故障，最终两人被迫进入一家商店躲避更多威胁。

A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vb.htm of the component Management Application. The manipulation of the argument paratest leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-8155. The attack can be launched remotely. Furthermore, there is an exploit available.

当前环境异常，需完成验证后方可继续访问。

文章介绍了优化Docker镜像构建的三大核心原则：层缓存系统、RUN命令的高效使用和.dockerignore文件的作用。通过合理安排Dockerfile指令顺序、合并RUN命令以减少临时文件占用，并利用.dockerignore排除无关文件，可以显著提升构建速度、减少镜像体积并提高安全性。

Submit #620577 / VDB-283090

Вредоносный код прячется там, где его не ищет ни один антивирус.

A vulnerability, which was classified as very critical, was found in Aten eco DC. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-6685. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

文章讲述了Headway如何通过引入真人临床社会工作者（LCSW）并优化沟通方式与自动化技术的结合，成功解决初级保健医生在转介行为健康患者时的难题。这一模式提升了患者的回应率和医生的保留率，并在全国范围内扩展了其影响力。